How are malicious attackers successfully SQL injecting legitimate web sites? There are several approaches in their arsenal. For instance, they often use a search engine’s index in order for them to detect vulnerable web sites, using DIY SQL injecting tools. The second approach relies on botnets actively crawling inside a search engine’s index, once again looking for vulnerable and susceptible to SQL injections web sites.

There’s no way for you to spot whether a site has been compromised, unless you use Search to look up a particular site for the malicious URL in question, before visiting it. This is where Firefox’s NoScript comes into play, preventing the successful loading of the malicious script upon visiting the compromised web site. So use Firefox’s NoScript extensionto prevent SQL injection attacks, as well as numerous other web-based threats.